According to the Temporary Suspension of Telecom Services (Public Emergency or Public Safety) Rules, 2017, national or state-level officials are allowed to issue temporary suspension orders to shut down telecom services in times of public emergency or threats to public safety. However, each order should contain reasons for shutdowns of telecom services and should be forwarded to a review committee for assessment.

It is reported that in April 2022, the Indian Ministry of Information and Broadcasting (MIB) issued several orders to social media and news companies to block access to twenty-two YouTube channels, three Twitter accounts, one Facebook account, and a news webpage. The MIB noted that those twenty-two YouTube channels were spreading “anti-Indian” content and false information regarding the “situation in Ukraine”, which could endanger India’s foreign relations. The MIB decision follows the adoption of the Information Technology Rules of February 2021, giving the ministry the power to restrict access to content during emergencies where “no delay is acceptable". In addition, it has been reported that the government has routinely blocked specific websites or successfully pressured social media platforms to block content in India. According to reports, nearly 7,000 social media posts and accounts were blocked in 2022.

According to Art. 4.2 of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, a significant social media intermediary (defined as a social media intermediary having a number of registered users in India above five million) providing messaging services must enable identification of the first originator of the information on its computer resource as may be required by a judicial order or an order passed by a competent authority. In complying with an order for the identification of the first originator, a significant social media intermediary will not be required to disclose the contents of the electronic message related to the first originator or other users. No order must be passed in cases where there are less intrusive means of identifying the originator of the information.

According to Art. 8 of the Information Technology Rule, an officer so designated by the Central Government under the Rules (known as 'Designated Officer') can on the receipt of a request from any nodal officer of a government organisation or a competent court or by an order of any agency of the government can block access by the public to any information transmitted, received, stored or hosted in any computer resource. The request will be examined by a committee consisting of the designated officer and its chairperson and representatives, who shall determine if the information must be blocked.

According to Art. 3.3 of the Information Technology Intermediaries Guidelines Rules, intermediaries are required to deploy technology-based automated tools or appropriate mechanisms with appropriate controls, for proactively identifying and removing or disabling public access to unlawful information or content.

Section 69 of the Indian Information Technology Act (IITA) requires intermediaries to extend all facilities and technical assistance to intercept, monitor or decrypt information as well as to provide information stored in a computer or provide access to a computer resource, when called upon to do so by certain agencies. This extends to online intermediaries which are required to designate an officer to facilitate the execution of such orders. Intermediaries that fail to meet these obligations may be punished with imprisonment of up to seven years.

According to the Use of Aadhaar e-KYC service of Unique Identity Authority of India (UIDAI) for issuing new mobile connections and re-verification of existing subscribers-OTP based authentication regulation, Indian citizens are required to register their SIM card with their Aadhaar Card (a type of national identity card). Foreigners have to provide their passport, a photocopy of their Indian visa/ travel permit, a passport-sized photo and contact details.

The Information Technology Act establishes a safe harbour regime for intermediaries for copyright infringements. Section 79 of the Act provides intermediaries with qualified immunity for unlawful content, as long as they follow the prescribed due diligence requirements and do not conspire, abet or aid an unlawful act. However, the protection lapses if an intermediary with "actual knowledge" of any content used to commit an unlawful act, or on being notified of such content, fails to remove, or disable access to it.

The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, establishes a safe harbour regime beyond intermediaries for copyright infringement. According to Rule 3(1)(d), an intermediary, after receiving 'actual knowledge' through a court order or by being notified by a government agency must remove information that is prohibited by law in relation to the interest and sovereignty of India, the security of the state, friendly relations with foreign states, public order, decency or morality, contempt of court, defamation, incitement to an offence or information which violates any law which is in force. Such information has to be removed within a duration of thirty-six hours from receipt of actual knowledge by the intermediary.
In addition, "significant social media intermediaries", defined as having more than five million registered Indian users, need to observe additional due diligence requirements to claim the immunity/safe harbour available. Rule 6 of the Information Technology Rules provides that even if a social media intermediary does not meet this user threshold, the Central Government may still require an intermediary to meet these additional obligations if it believes that their operations create a material risk of harm to the sovereignty and integrity of India or to the security of the State. This discretion to the Central government may lead to the arbitrary imposition of additional obligations on certain intermediaries. The additional due diligence requirements include appointing certain personnel for compliance, enabling identification of the first originator of the information on its platform under certain conditions, and deploying technology-based measures on a best-effort basis to identify certain types of content.

The Rules provide that the officer so designated by the Central Government under the Rules (known as 'Designated Officer') can on the receipt of request from any nodal officer of a government organisation or a competent court or by an order of any agency of the government can block access by the public to any information transmitted, received, stored or hosted in any computer resource. The request will be examined by a committee consisting of the designated officer and its chairperson and representatives, who shall determine if the information must be blocked.

Pursuant to Section 5 of the Telegraph Act and the Telegraph Rules, the Government has the power to temporarily possess licensed telegraphs and order the interception or disclosure of messages sent through such devices. The definition of a telegraph is fairly wide: it means any appliance, instrument, material, or apparatus used (or that is capable of being used) for transmission or reception of signs, signals, writing, images, and sounds or intelligence of any nature by wire, visual, or other electromagnetic emissions, radio waves or Hertzian waves, or galvanic, electric, or magnetic means. It is not clear whether a court order is required to access the data.

Under the Agreement for Provisions of Internet Services, ISP License holders must maintain a log of all users connected to the service they are using and outward logins through an ISPs computers, which must be made available to the Telecom Authority at all times. ISP License holders must also provide to authorized intelligence agencies at any time a complete list of subscribers made available on the ISP website with password controlled access. A complete list of the records that must be maintained and provided for security purposes to authorities is set out in the link. ISPs are regulated and operate under a license issued under the Telegraph Act, 1885. Under the Telegraph Act, any interception of messages may only be carried out pursuant to a written order by an officer specifically empowered for this purpose by the State or Central Government. The officer must be satisfied that it is necessary or expedient to do so in the interests of the security and sovereignty of India. However, such a requirement appears to be only for interception of messages and not for storage of subscriber related information.
The CMTS and the BTS Licenses identify several categories of records that must be made available and provided for security purposes to the Telecom Authority or authorized Intelligence Agencies. For example, under the BTS License, a designated person from the Central/State government has the right to monitor the telecommunication traffic in every switch and any other point in the network set up by the TSP. Further, TSPs are required to make arrangement for monitoring and simultaneous calls by Government security agencies at the location desired by the Central/State government. Along with the monitored calls, the following records should be made available: (i) called/calling party numbers; (ii) time/date and duration of interception; (iii) precise location of target subscribers; (iv) subscriber numbers if any call-forwarding feature has been invoked by the target subscriber; (v) data records for even failed call attempt. Since the BTS is provided under the aegis of the Telegraph Act, any conditions related to interception pursuant to an order of an officer of the State/Central Government may apply here.

Section 69 of the Information Technology Act 2000, as amended by the Information Technology (Amendment) Act 2008, gives the central and state governments the power to direct any agency to intercept, monitor or decrypt, or cause to be intercepted, monitored or decrypted any information transmitted, received or stored through any computer resources. The government must be satisfied that this is necessary in the interest of the sovereignty, security or defense of India. The government may require any subscriber or intermediary or any person in charge of the computer resource to extend all facilities and technical assistance necessary to decrypt the information.

Under Rule 4 of the Information Technology Rules of 2021, a "significant" social media intermediary (defined as a social media intermediary having number of registered users in India above 5,000,000) must appoint a Chief Compliance Officer who must ensure compliance with the Rules and will be liable in any proceedings relating to any relevant third-party information, data or communication link made available or hosted by that intermediary where he/she fails to ensure that such intermediary observes due diligence while discharging its duties under the Rules.

According to the License Agreement Guidelines, the Internet Service Provider licensee shall maintain all commercial records, call detail records, exchange detail records, and IP detail records with regard to the communications exchanged on the network. Such records shall be archived for at least two years for scrutiny by the Licensor for security reasons and may be destroyed thereafter unless directed otherwise by the Licensor.
Data retention requirements were previously in place under the “License Agreement for Provision of Internet Services” by the Department of Telecommunications, Ministry of Communications & IT, Government of India.